Mividas can be deployed in your network in a number of different ways that suit your organization. See the deployment guide for more information.
To help filter traffic for different services in different network zones, Mividas Core and Rooms allow different domain names and/or URL prefixes to be used for different types of services.
URL prefix guide – most often opened up beyond LAN/DMZ
If you have enabled “Mividas Core scheduling API” and “Separate domain name for Rooms Endpoint event requests” in the Installer, these services are already filtered by their respective domain names. Otherwise, the main management hostname should allow all traffic for regular users, and the following URL prefixes may be filtered for external systems and external edge nodes.
Mividas Core | (the main hostname allows access to all services, even if dedicated service hostnames are used) |
/cdr/ | Call detail records and external policy requests from CMS and Pexip Infinity nodes |
/json-api/v1/ | Management API (note: almost everything can be changed using this API. You may add only specific API endpoints to your load balancer configuration) |
Mividas Core Scheduling API | (may use a dedicated domain name) |
/api/v1/ | Meeting scheduling API |
Mividas Rooms | (may use dedicated domain name) |
/tms/ /ep/ | HTTP Feedback events, passive provisioning from Cisco video conferencing systems |
/site_media/media/firmware/ /tms/firmware/download/ /ep/firmware/download/ | Firmware files for Cisco video conferencing systems |
/epm/proxy/ | Mividas Proxy client handshake |
Mividas Core Meeting Portal | |
/outlook/v1/ | Outlook add-in and scheduling API requests |
/saml/ | SAML2 SSO-authentication |
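One way to apply the prefix table on a proxy that faces external systems, shown as an added example (not Mividas' own configuration): every prefix that is not listed is refused, and each listed prefix is limited to the systems that need it. The hostname, certificate paths and upstream reuse this page's placeholders; the source addresses and the `EXAMPLE-ENDPOINT` path are constructed for illustration.

```nginx
# Added example: stand-alone conf.d file for an external-facing proxy.
# Every "allow" address below is a constructed placeholder.
upstream mividasvm {
    server 123.123.123.123:443;
}

server {
    listen 443 ssl http2;
    server_name mividas.example.org;
    ssl_certificate     /etc/nginx/ssl/mividas.example.org.fullchain.crt;
    ssl_certificate_key /etc/nginx/ssl/mividas.example.org.key;

    proxy_set_header Host mividas.example.org;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Default deny: a prefix that is not listed below is not reachable here.
    location / {
        return 403;
    }

    # CDR and external policy requests: call-control nodes only.
    location ^~ /cdr/ {
        allow 192.0.2.10;        # constructed: CMS node
        allow 192.0.2.11;        # constructed: Pexip Infinity node
        deny  all;
        proxy_pass https://mividasvm;
    }

    # Management API: expose one endpoint to one integration host instead of
    # the whole /json-api/v1/ prefix. EXAMPLE-ENDPOINT is a hypothetical name.
    location ^~ /json-api/v1/EXAMPLE-ENDPOINT/ {
        allow 198.51.100.20;     # constructed: integration host
        deny  all;
        proxy_pass https://mividasvm;
    }

    # Meeting scheduling API: booking system only.
    location ^~ /api/v1/ {
        allow 198.51.100.30;     # constructed: booking system
        deny  all;
        proxy_pass https://mividasvm;
    }

    # Feedback events, passive provisioning and firmware for Cisco systems.
    location ~ ^/((tms|ep)/|site_media/media/firmware/) {
        allow 203.0.113.0/24;    # constructed: satellite office range
        deny  all;
        proxy_pass https://mividasvm;
    }
}
```

The `allow`/`deny` rules match the address of the directly connected peer, so behind another proxy they only see the real client once `set_real_ip_from` is configured for that proxy.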
Example – Reverse proxy for satellite offices, with local firmware cache
Prerequisites:
- Split DNS for the remote office with the domain names of the Core/Rooms-server overridden to the LB/RP
- Valid SSL certificates
- Replace 123.123.123.123 with the real IP of the server, and replace mividas.example.org with the FQDN of the Mividas Core/Rooms installation
- If using “Separate domain name for Rooms Endpoint event requests” in your installation, replace endpoints.example.org with the configured FQDN. Otherwise, remove the last server {} block
- Example of starting nginx with Docker, with the file below named mividas.conf and the certificates in a directory named “ssl”:
docker run --rm -p 80:80 -p 443:443 -v `pwd`/mividas.conf:/etc/nginx/conf.d/default.conf -v `pwd`/ssl/:/etc/nginx/ssl/:ro nginx
mividas.conf:
proxy_cache_path /var/cache/nginx keys_zone=mividas_static:100m inactive=10h max_size=30g;
limit_conn_zone $server_name zone=firmware:1m;

upstream mividasvm {
    server 123.123.123.123:443;
}

server {
    listen 80;
    server_name mividas.example.org;
    server_name endpoints.example.org;

    location / {
        rewrite ^/?(.*) https://$http_host/$1;
    }
}
server {
    listen 443 ssl http2;
    server_name mividas.example.org;
    ssl_certificate /etc/nginx/ssl/mividas.example.org.fullchain.crt;
    ssl_certificate_key /etc/nginx/ssl/mividas.example.org.key;

    # set_real_ip_from 234.234.234.234; # Uncomment this to pass client IP from upstream proxies
    proxy_set_header Host mividas.example.org;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_request_headers on;
    underscores_in_headers on;
    proxy_http_version 1.0;
    proxy_ssl_session_reuse on;

    # Add your access rules here (ip/geoip etc)

    location / {
        # Note: nginx does not verify the upstream certificate unless proxy_ssl_verify is enabled
        proxy_pass https://mividasvm;
    }

    # Firmware files: cached locally, at most 10 concurrent downloads
    location ~ ^(/site_media/media/firmware/|/(tms|ep)/firmware/download/) {
        proxy_cache mividas_static;
        proxy_cache_valid 200 7d;
        proxy_cache_revalidate on;
        proxy_cache_lock on;
        proxy_cache_lock_age 60s;
        # Must be on: nginx does not store responses in proxy_cache when buffering is off
        proxy_buffering on;
        limit_conn firmware 10;
        proxy_pass https://mividasvm;
    }

    # Other static files: short-lived cache
    location /site_media/ {
        proxy_cache mividas_static;
        proxy_cache_valid 200 60s;
        proxy_cache_revalidate on;
        proxy_cache_lock on;
        proxy_cache_lock_age 60s;
        # Must be on: nginx does not store responses in proxy_cache when buffering is off
        proxy_buffering on;
        proxy_pass https://mividasvm;
    }
}
# Only needed if using "Separate domain name for Rooms Endpoint event requests" in your installation:
server {
    listen 443 ssl http2;
    server_name endpoints.example.org;
    ssl_certificate /etc/nginx/ssl/endpoints.example.org.fullchain.crt;
    ssl_certificate_key /etc/nginx/ssl/endpoints.example.org.key;

    # set_real_ip_from 234.234.234.234; # Uncomment this to pass client IP from upstream proxies
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_request_headers on;
    underscores_in_headers on;
    proxy_http_version 1.0;
    proxy_ssl_session_reuse on;

    # Add your access rules here (ip/geoip etc)

    location / {
        proxy_pass https://mividasvm;
    }

    # Firmware files: cached locally, at most 10 concurrent downloads
    location ~ ^(/site_media/media/firmware/|/(tms|ep)/firmware/download/) {
        proxy_cache mividas_static;
        proxy_cache_valid 200 7d;
        proxy_cache_revalidate on;
        proxy_cache_lock on;
        proxy_cache_lock_age 60s;
        # Must be on: nginx does not store responses in proxy_cache when buffering is off
        proxy_buffering on;
        limit_conn firmware 10;
        proxy_pass https://mividasvm;
    }
}
Mividas Rooms Proxy client TCP port forward. Add this outside the http configuration, e.g. in /etc/nginx.conf or by creating a file in /etc/nginx/mods-enabled/mividas_proxy.conf
# Mividas Rooms Proxy client (optional). Replace 2222 with your configured port number
stream {
    server {
        listen 2222;
        # Add your access rules here (ip/geoip etc)
        proxy_pass 123.123.123.123:2222;
    }
}